“Autonomous Cybersecurity Defence and Protection” as a research field involves identifying threats and implementing both technical and organizational measures to anticipate cyberattacks or incidents. In this context, we focus on a range of problems, aiming to develop solutions in the following areas:
- Automated Vulnerability Management: This involves the continuous, automated detection and patching of both known and unknown software vulnerabilities throughout an entire network. This proactive approach ensures vulnerabilities are addressed before they can be exploited.
- Identity and Access Management: We aim to streamline the processes that handle the digital identities of users, thereby regulating access to sensitive information and critical systems. Key to this is the development of systems like Athena, which should be aware of access and identity policies and actively monitor access control decisions.
- Cyber Threat Intelligence Analysis: This includes acquiring, processing, and analyzing data about potential cyber threats. The goal is to understand and predict the actions of adversaries, enabling pre-emptive defense strategies.
- Asset Inventory and Control Enforcement: We focus on establishing and maintaining a comprehensive inventory of assets. This also involves implementing controls and functions that can be actively enforced during a cyberattack to mitigate risks.
- Automated System Scanning and Hardening: This involves automatically scanning systems to identify known vulnerabilities and ensuring that all systems are deployed in a secure, hardened configuration. This reduces the attack surface and strengthens the overall security posture.